Vulnerabilities > Netapp > Clustered Data Ontap > Medium

DATE CVE VULNERABILITY TITLE RISK
2017-09-01 CVE-2017-12421 Unspecified vulnerability in Netapp Clustered Data Ontap
NetApp Clustered Data ONTAP 8.3.x before 8.3.2P12 allows remote authenticated users to execute arbitrary code on the storage controller via unspecified vectors.
network
low complexity
netapp
6.5
2017-08-18 CVE-2017-12420 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Netapp Clustered Data Ontap
Heap-based buffer overflow in the SMB implementation in NetApp Clustered Data ONTAP before 8.3.2P8 and 9.0 before P2 allows remote authenticated users to cause a denial of service or execute arbitrary code.
network
low complexity
netapp CWE-119
6.5
2017-08-07 CVE-2015-7855 Improper Input Validation vulnerability in multiple products
The decodenetnum function in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service (assertion failure) via a 6 or mode 7 packet containing a long data value.
network
low complexity
ntp debian netapp siemens CWE-20
4.0
2017-08-07 CVE-2015-7854 Classic Buffer Overflow vulnerability in NTP
Buffer overflow in the password management functionality in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote authenticated users to cause a denial of service (daemon crash) or possibly execute arbitrary code via a crafted key file.
network
low complexity
ntp netapp CWE-120
6.5
2017-08-07 CVE-2015-7852 Improper Input Validation vulnerability in NTP
ntpq in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service (crash) via crafted mode 6 response packets.
4.3
2017-08-07 CVE-2015-7850 Infinite Loop vulnerability in NTP
ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote authenticated users to cause a denial of service (infinite loop or crash) by pointing the key file at the log file.
network
low complexity
ntp debian netapp CWE-835
4.0
2017-08-07 CVE-2015-7849 Use After Free vulnerability in NTP
Use-after-free vulnerability in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote authenticated users to possibly execute arbitrary code or cause a denial of service (crash) via crafted packets.
network
low complexity
ntp netapp CWE-416
6.5
2017-08-07 CVE-2015-7704 Improper Input Validation vulnerability in multiple products
The ntpd client in NTP 4.x before 4.2.8p4 and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service via a number of crafted "KOD" messages.
network
low complexity
ntp debian netapp redhat mcafee citrix CWE-20
5.0
2017-08-07 CVE-2015-7702 Improper Input Validation vulnerability in NTP
The crypto_xmit function in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service (crash).
network
low complexity
ntp oracle debian netapp redhat CWE-20
4.0
2017-08-07 CVE-2015-7701 Missing Release of Resource after Effective Lifetime vulnerability in NTP
Memory leak in the CRYPTO_ASSOC function in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service (memory consumption).
network
low complexity
ntp oracle debian netapp redhat CWE-772
5.0